* You are viewing the archive for July, 2011

Security Update Released for Citrix XenApp and XenDesktop

A security update has been released for a remotely exploitable bug in Citrix XenApp and XenDesktop. Details are at the link below.

Affected versions:
– all versions of XenApp and XenApp Fundamentals (formerly known as Access Essentials) up to and including version 6
– XenDesktop 4 with, or without, Feature Packs 1 or 2

References:
http://support.citrix.com/article/CTX129430

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement


Apple iOS 4.3.5 and 4.2.10 Released

These updates address a security-related bug in iOS.

References:
http://lists.apple.com/archives/security-announce/2011/Jul/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Jul/msg00004.html


Apple Safari 5.1 and 5.0.6 released

Apple has released Safari 5.1 and 5.0.6 (for Apple Mac and Windows). These new versions contain several security-related fixes.

References:
http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html


Oracle July 2011 Patches Released

Oracle has released its July 2011 Critical Patch Update. The security patches affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.1, 11.2.0.2
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Database 10g Release 1, version 10.1.0.5
Oracle Secure Backup, version 10.3.0.3
Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.1, 11.1.1.3
Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle …


RIM Releases Security Fixes for BlackBerry Enterprise Server

RIM releases fixes for DoS and information disclosure vulnerabilities in their BlackBerry Enterprise Server software. BlackBerry smartphones aren’t affected.

The following BES versions are affected:
– BlackBerry® Enterprise Server version 5.0.0 for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise (with the BlackBerry® Administration API component installed as an option only)
– BlackBerry® Enterprise Server Express 5.0.0 for Microsoft Exchange and IBM Lotus Domino (with the BlackBerry® Administration API component installed as an option only)
– BlackBerry® Enterprise Server Express versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange
– BlackBerry® Enterprise Server Express versions 5.0.2 …


Apple iOS 4.3.4 and 4.2.9 Released

These updates close the latest jailbreaking hole in iOS.

References:
http://lists.apple.com/archives/security-announce/2011/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Jul/msg00001.html


Exploit Released for BlueCoat BCAAA

An exploit has been published on exploit-db.com for a remotely exploitable bug in BlueCoat BCAAA. BlueCoat BCAAA is used by ProxySG and ProxyOne.

The following ProxySG versions include the fix:
6.2.1.1
6.1.4.1
5.5.5.1
5.4.7.1
5.3.x – no patch available yet
4.3 – SGOS 4.3.4.2 patch release.

No fix has been released yet for ProxyOne.

References:
https://kb.bluecoat.com/index?page=content&id=SA55
http://www.exploit-db.com/exploits/17513


[ICS] Siemens Announces Password Security Weakness in SIMATIC S7 Controllers

Siemens has announced a password security problem in an authentication mechanism used in their SIMATIC S7 series of programmable controllers. No patch is available yet. Until a fix is available, some defensive guidance is available at the reference link below. The following Siemens SIMATIC S7 platforms are affected:

S7-200
S7-1200
S7-300
S7-400

References:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51401544&caller=view
